In out case, we need to set the maximum password age. Regards,
Marcelo H. Terres [email protected] **************************************** ICQ: 6649932 MSN: [email protected] Jabber: [email protected] http://twitter.com/mhterres http://identi.ca/mhterres **************************************** http://mundoopensource.blogspot.com/ http://www.propus.com.br On Wed, Feb 24, 2010 at 6:36 PM, Gaiseric Vandal <[email protected]>wrote: > We had a few users with the same problem when we moved the password backend > from tdb to ldap. The following command seem to fix it. > > pdbedit -P "maximum password age" -C -1 > > > > > > On 02/24/2010 04:25 PM, Marcelo Terres wrote: > >> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support >> the >> policies domain account (configured with pdbedit). >> >> This feature starts in 3.0.25 and the problems with password expiration >> starts in the version either. >> >> Regards, >> >> Marcelo H. Terres >> [email protected] >> **************************************** >> ICQ: 6649932 >> MSN: [email protected] >> Jabber: [email protected] >> http://twitter.com/mhterres >> http://identi.ca/mhterres >> **************************************** >> http://mundoopensource.blogspot.com/ >> http://www.propus.com.br >> Sent from Porto Alegre, RS, Brazil >> >> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt< >> [email protected]> wrote: >> >> >> >>> Hi, >>> >>> I have a very similiar problem, but the story is an other: >>> >>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba >>> 3.4.3 >>> (pdc). The user-accounts were moved following this instruction: >>> >>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/ >>> . >>> When some user now try to login to the domain from a xp-client following >>> message appears at every login: "Your Windows password has expired and >>> must >>> be changed. You must change your password now!" The user can change the >>> password and everything works fine. But at next login the same story. >>> This >>> happens only to some of the old users and to all users created after >>> migration. Any idea what could be the reason for this? I already searched >>> a >>> lot but didn't find something like this. >>> >>> Thanks for any info. >>> >>> Regards, >>> Martin >>> >>> Dipl.- Geogr. Martin Schmidt >>> >>> Würzburg University >>> Department of Geography >>> Remote Sensing Unit >>> & >>> German Remote Sensing Data Center (DFD) at >>> German Aerospace Center (DLR) Oberpfaffenhofen >>> -------------------------------------------------------- >>> Am Hubland >>> 97074 Würzburg >>> phone: +49 (931) 31-88179 >>> fax: +49 (931) 888-5544 >>> eMail: [email protected] >>> >>> >>> >>> Here my smb.conf: >>> >>> [global] >>> #log file = /var/log/samba.%m >>> smb ports = 139 445 >>> #root = administrator >>> #DOMAIN ADMINS = root, administrator >>> >>> #----Allgemeine >>> Einstellungen-------------------------------------------------- >>> #Workgroup >>> netbios name = XXX #netbios aliases = XXX >>> server string = XXX >>> workgroup = XXX >>> guest account = XXX >>> >>> >>> >>> >>> #-----Sicherheit-------------------------------------------------------------- >>> #Nur Subnetz FE zulassen >>> hosts deny = XXX >>> hosts allow = XXX >>> >>> #Nur die Ethernet Karte 0 und Loopback zulassen >>> interfaces = eth0 lo >>> bind interfaces only = yes >>> >>> #Unbekannt Nutzer rejecten >>> #map to guest = Never >>> >>> #Zugriff auf benutzerdefinierte Freigaben nicht erlauben >>> #usershare allow guests = No >>> >>> #Kommunikation der Clients mit Samba auf User Ebene >>> #Passwort - Backend >>> #passdb backend = tdbsam:/etc/samba/passdb.tdb >>> passdb backend= smbpasswd security = user >>> encrypt passwords = true smb passwd file = /etc/samba/smbpasswd >>> passwd program = /usr/bin/smbpasswd %u >>> unix password sync = false >>> obey pam restrictions = yes >>> >>> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien >>> config file = /etc/samba/smb.conf.%U >>> >>> >>> #---- Roaming Profiles >>> ----------------------------------------------------- >>> #Antworten auf WIN98/95 Anfragen >>> domain logons = Yes >>> logon path = \\%L\profiles\%U >>> logon drive = Q: >>> #logon script = logon.cmd >>> >>> #---- Browsing und Domain Master (PDC) >>> ------------------------------------- >>> #wins support = Yes >>> #wins server = XXX >>> #wins proxy = yes >>> #PDC im Subnetz >>> domain master = Yes >>> local master = Yes >>> preferred master = Yes >>> os level = 65 >>> #client-side caching policy >>> #csc policy = disable >>> >>> >>> >>> #----Benutzerverwaltung----------------------------------------------------- >>> #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort >>> #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody >>> -s >>> /bin/false %m$ >>> >>> >>> >>> #---Drucker---------------------------------------------------------------- >>> load printers = no >>> printing = bsd >>> printcap name = /dev/null >>> disable spoolss = yes >>> >>> >>> >>> #----Tuning----------------------------------------------------------------- >>> socket options = TCP_NODELAY IPTOS_LOWDELAY >>> #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des >>> Clients >>> deadtime = 10 >>> #getwd cache = yes >>> #kernel oplocks = no >>> ldap suffix = >>> log level = 1 >>> #Sonstiger Mist >>> #include = /etc/samba/dhcp.conf >>> dos charset = CP850 >>> display charset = ISO8859-1 >>> unix charset = ISO8859-1 >>> #oplock break wait time = 20 >>> #oplocks = no >>> #kernel oplocks = no >>> >>> #---- Zeit-Server >>> ---------------------------------------------------------- >>> time server = true >>> >>> ################################### >>> # Anmeldung Freigaben ############# >>> ################################### >>> >>> [homes] >>> comment = Home Directories >>> valid users = %S, %D%w%S >>> browseable = No >>> read only = No >>> inherit acls = Yes >>> create mask = 0664 >>> directory mask = 0775 >>> >>> [profiles] >>> comment = Network Profiles Service >>> path = /home/samba/windowsprofiles >>> hide files = /desktop.ini/ >>> read only = No >>> browseable = No >>> guest ok = Yes >>> writable = Yes >>> printable = No >>> store dos attributes = Yes >>> create mask = 0700 >>> directory mask = 0700 >>> >>> [netlogon] >>> comment = Network Logon Service2 >>> path = /home/samba/netlogon/%g >>> guest ok = Yes >>> browseable = No >>> read only = No >>> writable = Yes >>> >>> >>> ################################### >>> # Freigaben ####################### >>> ################################### >>> ... >>> >>> >>> >>> >>> Marcelo Terres schrieb: >>> >>> Hi. >>> >>> >>>> I enabled policies with pdbedit. Password must be changed every 90 days >>>> and >>>> must contain at least 8 characters. I enabled password history too. >>>> >>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour) >>>> every >>>> time a user try to log in the domain using Windows receives a "Your >>>> password >>>> expires today. Do you want to change it now ?" message box. If the >>>> password >>>> is changed, the message appear again next time the user try to login. If >>>> the >>>> user answers no the same thing happens in the next login. >>>> >>>> I tested it with a lot of users and changed the passwords several times >>>> and >>>> the problem continues. >>>> >>>> Anybody have some idea about this problem ? >>>> >>>> Thanks in advance. >>>> >>>> Regards, >>>> >>>> Marcelo H. Terres >>>> [email protected] >>>> **************************************** >>>> ICQ: 6649932 >>>> MSN: [email protected] >>>> Jabber: [email protected] >>>> http://twitter.com/mhterres >>>> http://identi.ca/mhterres >>>> **************************************** >>>> http://mundoopensource.blogspot.com/ >>>> http://www.propus.com.br >>>> Sent from Porto Alegre, RS, Brazil >>>> >>>> >>>> >>>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >>> >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
